aboutsummaryrefslogtreecommitdiffstats
path: root/net/mac80211/rx.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/mac80211/rx.c')
-rw-r--r--net/mac80211/rx.c406
1 files changed, 330 insertions, 76 deletions
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 7175ae80c36a..66f7ecf51b92 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -86,8 +86,7 @@ ieee80211_rx_radiotap_len(struct ieee80211_local *local,
86 86
87 if (status->flag & RX_FLAG_TSFT) 87 if (status->flag & RX_FLAG_TSFT)
88 len += 8; 88 len += 8;
89 if (local->hw.flags & IEEE80211_HW_SIGNAL_DB || 89 if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
90 local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
91 len += 1; 90 len += 1;
92 if (local->hw.flags & IEEE80211_HW_NOISE_DBM) 91 if (local->hw.flags & IEEE80211_HW_NOISE_DBM)
93 len += 1; 92 len += 1;
@@ -102,7 +101,7 @@ ieee80211_rx_radiotap_len(struct ieee80211_local *local,
102 return len; 101 return len;
103} 102}
104 103
105/** 104/*
106 * ieee80211_add_rx_radiotap_header - add radiotap header 105 * ieee80211_add_rx_radiotap_header - add radiotap header
107 * 106 *
108 * add a radiotap header containing all the fields which the hardware provided. 107 * add a radiotap header containing all the fields which the hardware provided.
@@ -158,7 +157,7 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
158 */ 157 */
159 *pos = 0; 158 *pos = 0;
160 } else { 159 } else {
161 rthdr->it_present |= (1 << IEEE80211_RADIOTAP_RATE); 160 rthdr->it_present |= cpu_to_le32(1 << IEEE80211_RADIOTAP_RATE);
162 *pos = rate->bitrate / 5; 161 *pos = rate->bitrate / 5;
163 } 162 }
164 pos++; 163 pos++;
@@ -199,14 +198,6 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
199 *pos = status->antenna; 198 *pos = status->antenna;
200 pos++; 199 pos++;
201 200
202 /* IEEE80211_RADIOTAP_DB_ANTSIGNAL */
203 if (local->hw.flags & IEEE80211_HW_SIGNAL_DB) {
204 *pos = status->signal;
205 rthdr->it_present |=
206 cpu_to_le32(1 << IEEE80211_RADIOTAP_DB_ANTSIGNAL);
207 pos++;
208 }
209
210 /* IEEE80211_RADIOTAP_DB_ANTNOISE is not used */ 201 /* IEEE80211_RADIOTAP_DB_ANTNOISE is not used */
211 202
212 /* IEEE80211_RADIOTAP_RX_FLAGS */ 203 /* IEEE80211_RADIOTAP_RX_FLAGS */
@@ -371,39 +362,50 @@ static void ieee80211_parse_qos(struct ieee80211_rx_data *rx)
371 rx->skb->priority = (tid > 7) ? 0 : tid; 362 rx->skb->priority = (tid > 7) ? 0 : tid;
372} 363}
373 364
374static void ieee80211_verify_ip_alignment(struct ieee80211_rx_data *rx) 365/**
366 * DOC: Packet alignment
367 *
368 * Drivers always need to pass packets that are aligned to two-byte boundaries
369 * to the stack.
370 *
371 * Additionally, should, if possible, align the payload data in a way that
372 * guarantees that the contained IP header is aligned to a four-byte
373 * boundary. In the case of regular frames, this simply means aligning the
374 * payload to a four-byte boundary (because either the IP header is directly
375 * contained, or IV/RFC1042 headers that have a length divisible by four are
376 * in front of it).
377 *
378 * With A-MSDU frames, however, the payload data address must yield two modulo
379 * four because there are 14-byte 802.3 headers within the A-MSDU frames that
380 * push the IP header further back to a multiple of four again. Thankfully, the
381 * specs were sane enough this time around to require padding each A-MSDU
382 * subframe to a length that is a multiple of four.
383 *
384 * Padding like Atheros hardware adds which is inbetween the 802.11 header and
385 * the payload is not supported, the driver is required to move the 802.11
386 * header to be directly in front of the payload in that case.
387 */
388static void ieee80211_verify_alignment(struct ieee80211_rx_data *rx)
375{ 389{
376#ifdef CONFIG_MAC80211_DEBUG_PACKET_ALIGNMENT
377 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 390 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
378 int hdrlen; 391 int hdrlen;
379 392
393#ifndef CONFIG_MAC80211_DEBUG_PACKET_ALIGNMENT
394 return;
395#endif
396
397 if (WARN_ONCE((unsigned long)rx->skb->data & 1,
398 "unaligned packet at 0x%p\n", rx->skb->data))
399 return;
400
380 if (!ieee80211_is_data_present(hdr->frame_control)) 401 if (!ieee80211_is_data_present(hdr->frame_control))
381 return; 402 return;
382 403
383 /*
384 * Drivers are required to align the payload data in a way that
385 * guarantees that the contained IP header is aligned to a four-
386 * byte boundary. In the case of regular frames, this simply means
387 * aligning the payload to a four-byte boundary (because either
388 * the IP header is directly contained, or IV/RFC1042 headers that
389 * have a length divisible by four are in front of it.
390 *
391 * With A-MSDU frames, however, the payload data address must
392 * yield two modulo four because there are 14-byte 802.3 headers
393 * within the A-MSDU frames that push the IP header further back
394 * to a multiple of four again. Thankfully, the specs were sane
395 * enough this time around to require padding each A-MSDU subframe
396 * to a length that is a multiple of four.
397 *
398 * Padding like atheros hardware adds which is inbetween the 802.11
399 * header and the payload is not supported, the driver is required
400 * to move the 802.11 header further back in that case.
401 */
402 hdrlen = ieee80211_hdrlen(hdr->frame_control); 404 hdrlen = ieee80211_hdrlen(hdr->frame_control);
403 if (rx->flags & IEEE80211_RX_AMSDU) 405 if (rx->flags & IEEE80211_RX_AMSDU)
404 hdrlen += ETH_HLEN; 406 hdrlen += ETH_HLEN;
405 WARN_ON_ONCE(((unsigned long)(rx->skb->data + hdrlen)) & 3); 407 WARN_ONCE(((unsigned long)(rx->skb->data + hdrlen)) & 3,
406#endif 408 "unaligned IP payload at 0x%p\n", rx->skb->data + hdrlen);
407} 409}
408 410
409 411
@@ -435,6 +437,52 @@ ieee80211_rx_h_passive_scan(struct ieee80211_rx_data *rx)
435 return RX_CONTINUE; 437 return RX_CONTINUE;
436} 438}
437 439
440
441static int ieee80211_is_unicast_robust_mgmt_frame(struct sk_buff *skb)
442{
443 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
444
445 if (skb->len < 24 || is_multicast_ether_addr(hdr->addr1))
446 return 0;
447
448 return ieee80211_is_robust_mgmt_frame(hdr);
449}
450
451
452static int ieee80211_is_multicast_robust_mgmt_frame(struct sk_buff *skb)
453{
454 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
455
456 if (skb->len < 24 || !is_multicast_ether_addr(hdr->addr1))
457 return 0;
458
459 return ieee80211_is_robust_mgmt_frame(hdr);
460}
461
462
463/* Get the BIP key index from MMIE; return -1 if this is not a BIP frame */
464static int ieee80211_get_mmie_keyidx(struct sk_buff *skb)
465{
466 struct ieee80211_mgmt *hdr = (struct ieee80211_mgmt *) skb->data;
467 struct ieee80211_mmie *mmie;
468
469 if (skb->len < 24 + sizeof(*mmie) ||
470 !is_multicast_ether_addr(hdr->da))
471 return -1;
472
473 if (!ieee80211_is_robust_mgmt_frame((struct ieee80211_hdr *) hdr))
474 return -1; /* not a robust management frame */
475
476 mmie = (struct ieee80211_mmie *)
477 (skb->data + skb->len - sizeof(*mmie));
478 if (mmie->element_id != WLAN_EID_MMIE ||
479 mmie->length != sizeof(*mmie) - 2)
480 return -1;
481
482 return le16_to_cpu(mmie->key_id);
483}
484
485
438static ieee80211_rx_result 486static ieee80211_rx_result
439ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx) 487ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
440{ 488{
@@ -550,21 +598,23 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
550 int hdrlen; 598 int hdrlen;
551 ieee80211_rx_result result = RX_DROP_UNUSABLE; 599 ieee80211_rx_result result = RX_DROP_UNUSABLE;
552 struct ieee80211_key *stakey = NULL; 600 struct ieee80211_key *stakey = NULL;
601 int mmie_keyidx = -1;
553 602
554 /* 603 /*
555 * Key selection 101 604 * Key selection 101
556 * 605 *
557 * There are three types of keys: 606 * There are four types of keys:
558 * - GTK (group keys) 607 * - GTK (group keys)
608 * - IGTK (group keys for management frames)
559 * - PTK (pairwise keys) 609 * - PTK (pairwise keys)
560 * - STK (station-to-station pairwise keys) 610 * - STK (station-to-station pairwise keys)
561 * 611 *
562 * When selecting a key, we have to distinguish between multicast 612 * When selecting a key, we have to distinguish between multicast
563 * (including broadcast) and unicast frames, the latter can only 613 * (including broadcast) and unicast frames, the latter can only
564 * use PTKs and STKs while the former always use GTKs. Unless, of 614 * use PTKs and STKs while the former always use GTKs and IGTKs.
565 * course, actual WEP keys ("pre-RSNA") are used, then unicast 615 * Unless, of course, actual WEP keys ("pre-RSNA") are used, then
566 * frames can also use key indizes like GTKs. Hence, if we don't 616 * unicast frames can also use key indices like GTKs. Hence, if we
567 * have a PTK/STK we check the key index for a WEP key. 617 * don't have a PTK/STK we check the key index for a WEP key.
568 * 618 *
569 * Note that in a regular BSS, multicast frames are sent by the 619 * Note that in a regular BSS, multicast frames are sent by the
570 * AP only, associated stations unicast the frame to the AP first 620 * AP only, associated stations unicast the frame to the AP first
@@ -577,8 +627,14 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
577 * possible. 627 * possible.
578 */ 628 */
579 629
580 if (!ieee80211_has_protected(hdr->frame_control)) 630 if (!ieee80211_has_protected(hdr->frame_control)) {
581 return RX_CONTINUE; 631 if (!ieee80211_is_mgmt(hdr->frame_control) ||
632 rx->sta == NULL || !test_sta_flags(rx->sta, WLAN_STA_MFP))
633 return RX_CONTINUE;
634 mmie_keyidx = ieee80211_get_mmie_keyidx(rx->skb);
635 if (mmie_keyidx < 0)
636 return RX_CONTINUE;
637 }
582 638
583 /* 639 /*
584 * No point in finding a key and decrypting if the frame is neither 640 * No point in finding a key and decrypting if the frame is neither
@@ -592,6 +648,16 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
592 648
593 if (!is_multicast_ether_addr(hdr->addr1) && stakey) { 649 if (!is_multicast_ether_addr(hdr->addr1) && stakey) {
594 rx->key = stakey; 650 rx->key = stakey;
651 } else if (mmie_keyidx >= 0) {
652 /* Broadcast/multicast robust management frame / BIP */
653 if ((rx->status->flag & RX_FLAG_DECRYPTED) &&
654 (rx->status->flag & RX_FLAG_IV_STRIPPED))
655 return RX_CONTINUE;
656
657 if (mmie_keyidx < NUM_DEFAULT_KEYS ||
658 mmie_keyidx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
659 return RX_DROP_MONITOR; /* unexpected BIP keyidx */
660 rx->key = rcu_dereference(rx->sdata->keys[mmie_keyidx]);
595 } else { 661 } else {
596 /* 662 /*
597 * The device doesn't give us the IV so we won't be 663 * The device doesn't give us the IV so we won't be
@@ -654,6 +720,9 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
654 case ALG_CCMP: 720 case ALG_CCMP:
655 result = ieee80211_crypto_ccmp_decrypt(rx); 721 result = ieee80211_crypto_ccmp_decrypt(rx);
656 break; 722 break;
723 case ALG_AES_CMAC:
724 result = ieee80211_crypto_aes_cmac_decrypt(rx);
725 break;
657 } 726 }
658 727
659 /* either the frame has been decrypted or will be dropped */ 728 /* either the frame has been decrypted or will be dropped */
@@ -662,6 +731,39 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
662 return result; 731 return result;
663} 732}
664 733
734static ieee80211_rx_result debug_noinline
735ieee80211_rx_h_check_more_data(struct ieee80211_rx_data *rx)
736{
737 struct ieee80211_local *local;
738 struct ieee80211_hdr *hdr;
739 struct sk_buff *skb;
740
741 local = rx->local;
742 skb = rx->skb;
743 hdr = (struct ieee80211_hdr *) skb->data;
744
745 if (!local->pspolling)
746 return RX_CONTINUE;
747
748 if (!ieee80211_has_fromds(hdr->frame_control))
749 /* this is not from AP */
750 return RX_CONTINUE;
751
752 if (!ieee80211_is_data(hdr->frame_control))
753 return RX_CONTINUE;
754
755 if (!ieee80211_has_moredata(hdr->frame_control)) {
756 /* AP has no more frames buffered for us */
757 local->pspolling = false;
758 return RX_CONTINUE;
759 }
760
761 /* more data bit is set, let's request a new frame from the AP */
762 ieee80211_send_pspoll(local, rx->sdata);
763
764 return RX_CONTINUE;
765}
766
665static void ap_sta_ps_start(struct sta_info *sta) 767static void ap_sta_ps_start(struct sta_info *sta)
666{ 768{
667 struct ieee80211_sub_if_data *sdata = sta->sdata; 769 struct ieee80211_sub_if_data *sdata = sta->sdata;
@@ -736,7 +838,7 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
736 if (rx->sdata->vif.type == NL80211_IFTYPE_ADHOC) { 838 if (rx->sdata->vif.type == NL80211_IFTYPE_ADHOC) {
737 u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len, 839 u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len,
738 NL80211_IFTYPE_ADHOC); 840 NL80211_IFTYPE_ADHOC);
739 if (compare_ether_addr(bssid, rx->sdata->u.sta.bssid) == 0) 841 if (compare_ether_addr(bssid, rx->sdata->u.ibss.bssid) == 0)
740 sta->last_rx = jiffies; 842 sta->last_rx = jiffies;
741 } else 843 } else
742 if (!is_multicast_ether_addr(hdr->addr1) || 844 if (!is_multicast_ether_addr(hdr->addr1) ||
@@ -1101,6 +1203,15 @@ ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc)
1101 /* Drop unencrypted frames if key is set. */ 1203 /* Drop unencrypted frames if key is set. */
1102 if (unlikely(!ieee80211_has_protected(fc) && 1204 if (unlikely(!ieee80211_has_protected(fc) &&
1103 !ieee80211_is_nullfunc(fc) && 1205 !ieee80211_is_nullfunc(fc) &&
1206 (!ieee80211_is_mgmt(fc) ||
1207 (ieee80211_is_unicast_robust_mgmt_frame(rx->skb) &&
1208 rx->sta && test_sta_flags(rx->sta, WLAN_STA_MFP))) &&
1209 (rx->key || rx->sdata->drop_unencrypted)))
1210 return -EACCES;
1211 /* BIP does not use Protected field, so need to check MMIE */
1212 if (unlikely(rx->sta && test_sta_flags(rx->sta, WLAN_STA_MFP) &&
1213 ieee80211_is_multicast_robust_mgmt_frame(rx->skb) &&
1214 ieee80211_get_mmie_keyidx(rx->skb) < 0 &&
1104 (rx->key || rx->sdata->drop_unencrypted))) 1215 (rx->key || rx->sdata->drop_unencrypted)))
1105 return -EACCES; 1216 return -EACCES;
1106 1217
@@ -1138,12 +1249,12 @@ ieee80211_data_to_8023(struct ieee80211_rx_data *rx)
1138 1249
1139 switch (hdr->frame_control & 1250 switch (hdr->frame_control &
1140 cpu_to_le16(IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) { 1251 cpu_to_le16(IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) {
1141 case __constant_cpu_to_le16(IEEE80211_FCTL_TODS): 1252 case cpu_to_le16(IEEE80211_FCTL_TODS):
1142 if (unlikely(sdata->vif.type != NL80211_IFTYPE_AP && 1253 if (unlikely(sdata->vif.type != NL80211_IFTYPE_AP &&
1143 sdata->vif.type != NL80211_IFTYPE_AP_VLAN)) 1254 sdata->vif.type != NL80211_IFTYPE_AP_VLAN))
1144 return -1; 1255 return -1;
1145 break; 1256 break;
1146 case __constant_cpu_to_le16(IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS): 1257 case cpu_to_le16(IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS):
1147 if (unlikely(sdata->vif.type != NL80211_IFTYPE_WDS && 1258 if (unlikely(sdata->vif.type != NL80211_IFTYPE_WDS &&
1148 sdata->vif.type != NL80211_IFTYPE_MESH_POINT)) 1259 sdata->vif.type != NL80211_IFTYPE_MESH_POINT))
1149 return -1; 1260 return -1;
@@ -1157,13 +1268,13 @@ ieee80211_data_to_8023(struct ieee80211_rx_data *rx)
1157 } 1268 }
1158 } 1269 }
1159 break; 1270 break;
1160 case __constant_cpu_to_le16(IEEE80211_FCTL_FROMDS): 1271 case cpu_to_le16(IEEE80211_FCTL_FROMDS):
1161 if (sdata->vif.type != NL80211_IFTYPE_STATION || 1272 if (sdata->vif.type != NL80211_IFTYPE_STATION ||
1162 (is_multicast_ether_addr(dst) && 1273 (is_multicast_ether_addr(dst) &&
1163 !compare_ether_addr(src, dev->dev_addr))) 1274 !compare_ether_addr(src, dev->dev_addr)))
1164 return -1; 1275 return -1;
1165 break; 1276 break;
1166 case __constant_cpu_to_le16(0): 1277 case cpu_to_le16(0):
1167 if (sdata->vif.type != NL80211_IFTYPE_ADHOC) 1278 if (sdata->vif.type != NL80211_IFTYPE_ADHOC)
1168 return -1; 1279 return -1;
1169 break; 1280 break;
@@ -1267,10 +1378,37 @@ ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
1267 } 1378 }
1268 1379
1269 if (skb) { 1380 if (skb) {
1270 /* deliver to local stack */ 1381 int align __maybe_unused;
1271 skb->protocol = eth_type_trans(skb, dev); 1382
1272 memset(skb->cb, 0, sizeof(skb->cb)); 1383#if defined(CONFIG_MAC80211_DEBUG_PACKET_ALIGNMENT) || !defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
1273 netif_rx(skb); 1384 /*
1385 * 'align' will only take the values 0 or 2 here
1386 * since all frames are required to be aligned
1387 * to 2-byte boundaries when being passed to
1388 * mac80211. That also explains the __skb_push()
1389 * below.
1390 */
1391 align = (unsigned long)skb->data & 4;
1392 if (align) {
1393 if (WARN_ON(skb_headroom(skb) < 3)) {
1394 dev_kfree_skb(skb);
1395 skb = NULL;
1396 } else {
1397 u8 *data = skb->data;
1398 size_t len = skb->len;
1399 u8 *new = __skb_push(skb, align);
1400 memmove(new, data, len);
1401 __skb_trim(skb, len);
1402 }
1403 }
1404#endif
1405
1406 if (skb) {
1407 /* deliver to local stack */
1408 skb->protocol = eth_type_trans(skb, dev);
1409 memset(skb->cb, 0, sizeof(skb->cb));
1410 netif_rx(skb);
1411 }
1274 } 1412 }
1275 1413
1276 if (xmit_skb) { 1414 if (xmit_skb) {
@@ -1339,14 +1477,20 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx)
1339 if (remaining <= subframe_len + padding) 1477 if (remaining <= subframe_len + padding)
1340 frame = skb; 1478 frame = skb;
1341 else { 1479 else {
1342 frame = dev_alloc_skb(local->hw.extra_tx_headroom + 1480 /*
1343 subframe_len); 1481 * Allocate and reserve two bytes more for payload
1482 * alignment since sizeof(struct ethhdr) is 14.
1483 */
1484 frame = dev_alloc_skb(
1485 ALIGN(local->hw.extra_tx_headroom, 4) +
1486 subframe_len + 2);
1344 1487
1345 if (frame == NULL) 1488 if (frame == NULL)
1346 return RX_DROP_UNUSABLE; 1489 return RX_DROP_UNUSABLE;
1347 1490
1348 skb_reserve(frame, local->hw.extra_tx_headroom + 1491 skb_reserve(frame,
1349 sizeof(struct ethhdr)); 1492 ALIGN(local->hw.extra_tx_headroom, 4) +
1493 sizeof(struct ethhdr) + 2);
1350 memcpy(skb_put(frame, ntohs(len)), skb->data, 1494 memcpy(skb_put(frame, ntohs(len)), skb->data,
1351 ntohs(len)); 1495 ntohs(len));
1352 1496
@@ -1529,11 +1673,9 @@ ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx)
1529 start_seq_num = le16_to_cpu(bar->start_seq_num) >> 4; 1673 start_seq_num = le16_to_cpu(bar->start_seq_num) >> 4;
1530 1674
1531 /* reset session timer */ 1675 /* reset session timer */
1532 if (tid_agg_rx->timeout) { 1676 if (tid_agg_rx->timeout)
1533 unsigned long expires = 1677 mod_timer(&tid_agg_rx->session_timer,
1534 jiffies + (tid_agg_rx->timeout / 1000) * HZ; 1678 TU_TO_EXP_TIME(tid_agg_rx->timeout));
1535 mod_timer(&tid_agg_rx->session_timer, expires);
1536 }
1537 1679
1538 /* manage reordering buffer according to requested */ 1680 /* manage reordering buffer according to requested */
1539 /* sequence number */ 1681 /* sequence number */
@@ -1547,12 +1689,64 @@ ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx)
1547 return RX_CONTINUE; 1689 return RX_CONTINUE;
1548} 1690}
1549 1691
1692static void ieee80211_process_sa_query_req(struct ieee80211_sub_if_data *sdata,
1693 struct ieee80211_mgmt *mgmt,
1694 size_t len)
1695{
1696 struct ieee80211_local *local = sdata->local;
1697 struct sk_buff *skb;
1698 struct ieee80211_mgmt *resp;
1699
1700 if (compare_ether_addr(mgmt->da, sdata->dev->dev_addr) != 0) {
1701 /* Not to own unicast address */
1702 return;
1703 }
1704
1705 if (compare_ether_addr(mgmt->sa, sdata->u.mgd.bssid) != 0 ||
1706 compare_ether_addr(mgmt->bssid, sdata->u.mgd.bssid) != 0) {
1707 /* Not from the current AP. */
1708 return;
1709 }
1710
1711 if (sdata->u.mgd.state == IEEE80211_STA_MLME_ASSOCIATE) {
1712 /* Association in progress; ignore SA Query */
1713 return;
1714 }
1715
1716 if (len < 24 + 1 + sizeof(resp->u.action.u.sa_query)) {
1717 /* Too short SA Query request frame */
1718 return;
1719 }
1720
1721 skb = dev_alloc_skb(sizeof(*resp) + local->hw.extra_tx_headroom);
1722 if (skb == NULL)
1723 return;
1724
1725 skb_reserve(skb, local->hw.extra_tx_headroom);
1726 resp = (struct ieee80211_mgmt *) skb_put(skb, 24);
1727 memset(resp, 0, 24);
1728 memcpy(resp->da, mgmt->sa, ETH_ALEN);
1729 memcpy(resp->sa, sdata->dev->dev_addr, ETH_ALEN);
1730 memcpy(resp->bssid, sdata->u.mgd.bssid, ETH_ALEN);
1731 resp->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
1732 IEEE80211_STYPE_ACTION);
1733 skb_put(skb, 1 + sizeof(resp->u.action.u.sa_query));
1734 resp->u.action.category = WLAN_CATEGORY_SA_QUERY;
1735 resp->u.action.u.sa_query.action = WLAN_ACTION_SA_QUERY_RESPONSE;
1736 memcpy(resp->u.action.u.sa_query.trans_id,
1737 mgmt->u.action.u.sa_query.trans_id,
1738 WLAN_SA_QUERY_TR_ID_LEN);
1739
1740 ieee80211_tx_skb(sdata, skb, 1);
1741}
1742
1550static ieee80211_rx_result debug_noinline 1743static ieee80211_rx_result debug_noinline
1551ieee80211_rx_h_action(struct ieee80211_rx_data *rx) 1744ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
1552{ 1745{
1553 struct ieee80211_local *local = rx->local; 1746 struct ieee80211_local *local = rx->local;
1554 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev); 1747 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
1555 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data; 1748 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data;
1749 struct ieee80211_bss *bss;
1556 int len = rx->skb->len; 1750 int len = rx->skb->len;
1557 1751
1558 if (!ieee80211_is_action(mgmt->frame_control)) 1752 if (!ieee80211_is_action(mgmt->frame_control))
@@ -1564,12 +1758,26 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
1564 if (!(rx->flags & IEEE80211_RX_RA_MATCH)) 1758 if (!(rx->flags & IEEE80211_RX_RA_MATCH))
1565 return RX_DROP_MONITOR; 1759 return RX_DROP_MONITOR;
1566 1760
1761 if (ieee80211_drop_unencrypted(rx, mgmt->frame_control))
1762 return RX_DROP_MONITOR;
1763
1567 /* all categories we currently handle have action_code */ 1764 /* all categories we currently handle have action_code */
1568 if (len < IEEE80211_MIN_ACTION_SIZE + 1) 1765 if (len < IEEE80211_MIN_ACTION_SIZE + 1)
1569 return RX_DROP_MONITOR; 1766 return RX_DROP_MONITOR;
1570 1767
1571 switch (mgmt->u.action.category) { 1768 switch (mgmt->u.action.category) {
1572 case WLAN_CATEGORY_BACK: 1769 case WLAN_CATEGORY_BACK:
1770 /*
1771 * The aggregation code is not prepared to handle
1772 * anything but STA/AP due to the BSSID handling;
1773 * IBSS could work in the code but isn't supported
1774 * by drivers or the standard.
1775 */
1776 if (sdata->vif.type != NL80211_IFTYPE_STATION &&
1777 sdata->vif.type != NL80211_IFTYPE_AP_VLAN &&
1778 sdata->vif.type != NL80211_IFTYPE_AP)
1779 return RX_DROP_MONITOR;
1780
1573 switch (mgmt->u.action.u.addba_req.action_code) { 1781 switch (mgmt->u.action.u.addba_req.action_code) {
1574 case WLAN_ACTION_ADDBA_REQ: 1782 case WLAN_ACTION_ADDBA_REQ:
1575 if (len < (IEEE80211_MIN_ACTION_SIZE + 1783 if (len < (IEEE80211_MIN_ACTION_SIZE +
@@ -1594,6 +1802,10 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
1594 case WLAN_CATEGORY_SPECTRUM_MGMT: 1802 case WLAN_CATEGORY_SPECTRUM_MGMT:
1595 if (local->hw.conf.channel->band != IEEE80211_BAND_5GHZ) 1803 if (local->hw.conf.channel->band != IEEE80211_BAND_5GHZ)
1596 return RX_DROP_MONITOR; 1804 return RX_DROP_MONITOR;
1805
1806 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1807 return RX_DROP_MONITOR;
1808
1597 switch (mgmt->u.action.u.measurement.action_code) { 1809 switch (mgmt->u.action.u.measurement.action_code) {
1598 case WLAN_ACTION_SPCT_MSR_REQ: 1810 case WLAN_ACTION_SPCT_MSR_REQ:
1599 if (len < (IEEE80211_MIN_ACTION_SIZE + 1811 if (len < (IEEE80211_MIN_ACTION_SIZE +
@@ -1601,6 +1813,43 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
1601 return RX_DROP_MONITOR; 1813 return RX_DROP_MONITOR;
1602 ieee80211_process_measurement_req(sdata, mgmt, len); 1814 ieee80211_process_measurement_req(sdata, mgmt, len);
1603 break; 1815 break;
1816 case WLAN_ACTION_SPCT_CHL_SWITCH:
1817 if (len < (IEEE80211_MIN_ACTION_SIZE +
1818 sizeof(mgmt->u.action.u.chan_switch)))
1819 return RX_DROP_MONITOR;
1820
1821 if (memcmp(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN))
1822 return RX_DROP_MONITOR;
1823
1824 bss = ieee80211_rx_bss_get(local, sdata->u.mgd.bssid,
1825 local->hw.conf.channel->center_freq,
1826 sdata->u.mgd.ssid,
1827 sdata->u.mgd.ssid_len);
1828 if (!bss)
1829 return RX_DROP_MONITOR;
1830
1831 ieee80211_process_chanswitch(sdata,
1832 &mgmt->u.action.u.chan_switch.sw_elem, bss);
1833 ieee80211_rx_bss_put(local, bss);
1834 break;
1835 }
1836 break;
1837 case WLAN_CATEGORY_SA_QUERY:
1838 if (len < (IEEE80211_MIN_ACTION_SIZE +
1839 sizeof(mgmt->u.action.u.sa_query)))
1840 return RX_DROP_MONITOR;
1841 switch (mgmt->u.action.u.sa_query.action) {
1842 case WLAN_ACTION_SA_QUERY_REQUEST:
1843 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1844 return RX_DROP_MONITOR;
1845 ieee80211_process_sa_query_req(sdata, mgmt, len);
1846 break;
1847 case WLAN_ACTION_SA_QUERY_RESPONSE:
1848 /*
1849 * SA Query response is currently only used in AP mode
1850 * and it is processed in user space.
1851 */
1852 return RX_CONTINUE;
1604 } 1853 }
1605 break; 1854 break;
1606 default: 1855 default:
@@ -1616,10 +1865,14 @@ static ieee80211_rx_result debug_noinline
1616ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx) 1865ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx)
1617{ 1866{
1618 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev); 1867 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
1868 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data;
1619 1869
1620 if (!(rx->flags & IEEE80211_RX_RA_MATCH)) 1870 if (!(rx->flags & IEEE80211_RX_RA_MATCH))
1621 return RX_DROP_MONITOR; 1871 return RX_DROP_MONITOR;
1622 1872
1873 if (ieee80211_drop_unencrypted(rx, mgmt->frame_control))
1874 return RX_DROP_MONITOR;
1875
1623 if (ieee80211_vif_is_mesh(&sdata->vif)) 1876 if (ieee80211_vif_is_mesh(&sdata->vif))
1624 return ieee80211_mesh_rx_mgmt(sdata, rx->skb, rx->status); 1877 return ieee80211_mesh_rx_mgmt(sdata, rx->skb, rx->status);
1625 1878
@@ -1627,11 +1880,14 @@ ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx)
1627 sdata->vif.type != NL80211_IFTYPE_ADHOC) 1880 sdata->vif.type != NL80211_IFTYPE_ADHOC)
1628 return RX_DROP_MONITOR; 1881 return RX_DROP_MONITOR;
1629 1882
1630 if (sdata->flags & IEEE80211_SDATA_USERSPACE_MLME)
1631 return RX_DROP_MONITOR;
1632 1883
1633 ieee80211_sta_rx_mgmt(sdata, rx->skb, rx->status); 1884 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
1634 return RX_QUEUED; 1885 if (sdata->flags & IEEE80211_SDATA_USERSPACE_MLME)
1886 return RX_DROP_MONITOR;
1887 return ieee80211_sta_rx_mgmt(sdata, rx->skb, rx->status);
1888 }
1889
1890 return ieee80211_ibss_rx_mgmt(sdata, rx->skb, rx->status);
1635} 1891}
1636 1892
1637static void ieee80211_rx_michael_mic_report(struct net_device *dev, 1893static void ieee80211_rx_michael_mic_report(struct net_device *dev,
@@ -1780,6 +2036,7 @@ static void ieee80211_invoke_rx_handlers(struct ieee80211_sub_if_data *sdata,
1780 CALL_RXH(ieee80211_rx_h_passive_scan) 2036 CALL_RXH(ieee80211_rx_h_passive_scan)
1781 CALL_RXH(ieee80211_rx_h_check) 2037 CALL_RXH(ieee80211_rx_h_check)
1782 CALL_RXH(ieee80211_rx_h_decrypt) 2038 CALL_RXH(ieee80211_rx_h_decrypt)
2039 CALL_RXH(ieee80211_rx_h_check_more_data)
1783 CALL_RXH(ieee80211_rx_h_sta_process) 2040 CALL_RXH(ieee80211_rx_h_sta_process)
1784 CALL_RXH(ieee80211_rx_h_defragment) 2041 CALL_RXH(ieee80211_rx_h_defragment)
1785 CALL_RXH(ieee80211_rx_h_ps_poll) 2042 CALL_RXH(ieee80211_rx_h_ps_poll)
@@ -1823,16 +2080,17 @@ static void ieee80211_invoke_rx_handlers(struct ieee80211_sub_if_data *sdata,
1823/* main receive path */ 2080/* main receive path */
1824 2081
1825static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata, 2082static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
1826 u8 *bssid, struct ieee80211_rx_data *rx, 2083 struct ieee80211_rx_data *rx,
1827 struct ieee80211_hdr *hdr) 2084 struct ieee80211_hdr *hdr)
1828{ 2085{
2086 u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len, sdata->vif.type);
1829 int multicast = is_multicast_ether_addr(hdr->addr1); 2087 int multicast = is_multicast_ether_addr(hdr->addr1);
1830 2088
1831 switch (sdata->vif.type) { 2089 switch (sdata->vif.type) {
1832 case NL80211_IFTYPE_STATION: 2090 case NL80211_IFTYPE_STATION:
1833 if (!bssid) 2091 if (!bssid)
1834 return 0; 2092 return 0;
1835 if (!ieee80211_bssid_match(bssid, sdata->u.sta.bssid)) { 2093 if (!ieee80211_bssid_match(bssid, sdata->u.mgd.bssid)) {
1836 if (!(rx->flags & IEEE80211_RX_IN_SCAN)) 2094 if (!(rx->flags & IEEE80211_RX_IN_SCAN))
1837 return 0; 2095 return 0;
1838 rx->flags &= ~IEEE80211_RX_RA_MATCH; 2096 rx->flags &= ~IEEE80211_RX_RA_MATCH;
@@ -1850,7 +2108,7 @@ static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
1850 if (ieee80211_is_beacon(hdr->frame_control)) { 2108 if (ieee80211_is_beacon(hdr->frame_control)) {
1851 return 1; 2109 return 1;
1852 } 2110 }
1853 else if (!ieee80211_bssid_match(bssid, sdata->u.sta.bssid)) { 2111 else if (!ieee80211_bssid_match(bssid, sdata->u.ibss.bssid)) {
1854 if (!(rx->flags & IEEE80211_RX_IN_SCAN)) 2112 if (!(rx->flags & IEEE80211_RX_IN_SCAN))
1855 return 0; 2113 return 0;
1856 rx->flags &= ~IEEE80211_RX_RA_MATCH; 2114 rx->flags &= ~IEEE80211_RX_RA_MATCH;
@@ -1928,7 +2186,6 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
1928 int prepares; 2186 int prepares;
1929 struct ieee80211_sub_if_data *prev = NULL; 2187 struct ieee80211_sub_if_data *prev = NULL;
1930 struct sk_buff *skb_new; 2188 struct sk_buff *skb_new;
1931 u8 *bssid;
1932 2189
1933 hdr = (struct ieee80211_hdr *)skb->data; 2190 hdr = (struct ieee80211_hdr *)skb->data;
1934 memset(&rx, 0, sizeof(rx)); 2191 memset(&rx, 0, sizeof(rx));
@@ -1956,7 +2213,7 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
1956 rx.flags |= IEEE80211_RX_IN_SCAN; 2213 rx.flags |= IEEE80211_RX_IN_SCAN;
1957 2214
1958 ieee80211_parse_qos(&rx); 2215 ieee80211_parse_qos(&rx);
1959 ieee80211_verify_ip_alignment(&rx); 2216 ieee80211_verify_alignment(&rx);
1960 2217
1961 skb = rx.skb; 2218 skb = rx.skb;
1962 2219
@@ -1967,9 +2224,8 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
1967 if (sdata->vif.type == NL80211_IFTYPE_MONITOR) 2224 if (sdata->vif.type == NL80211_IFTYPE_MONITOR)
1968 continue; 2225 continue;
1969 2226
1970 bssid = ieee80211_get_bssid(hdr, skb->len, sdata->vif.type);
1971 rx.flags |= IEEE80211_RX_RA_MATCH; 2227 rx.flags |= IEEE80211_RX_RA_MATCH;
1972 prepares = prepare_for_handlers(sdata, bssid, &rx, hdr); 2228 prepares = prepare_for_handlers(sdata, &rx, hdr);
1973 2229
1974 if (!prepares) 2230 if (!prepares)
1975 continue; 2231 continue;
@@ -2174,11 +2430,9 @@ static u8 ieee80211_rx_reorder_ampdu(struct ieee80211_local *local,
2174 /* new un-ordered ampdu frame - process it */ 2430 /* new un-ordered ampdu frame - process it */
2175 2431
2176 /* reset session timer */ 2432 /* reset session timer */
2177 if (tid_agg_rx->timeout) { 2433 if (tid_agg_rx->timeout)
2178 unsigned long expires = 2434 mod_timer(&tid_agg_rx->session_timer,
2179 jiffies + (tid_agg_rx->timeout / 1000) * HZ; 2435 TU_TO_EXP_TIME(tid_agg_rx->timeout));
2180 mod_timer(&tid_agg_rx->session_timer, expires);
2181 }
2182 2436
2183 /* if this mpdu is fragmented - terminate rx aggregation session */ 2437 /* if this mpdu is fragmented - terminate rx aggregation session */
2184 sc = le16_to_cpu(hdr->seq_ctrl); 2438 sc = le16_to_cpu(hdr->seq_ctrl);
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-22 04:30:45 -0500